apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: deploy-openshift
spec:
  inputs:
    params:
      - name: playbook_dir
        description: Directory containing playbook files
        type: string
      - name: ocp_version
        description: OpenShift version
        type: string
      - name: ocp_base_path
        description: Base path for OpenShift binaries
        type: string
      - name: ocp_bin_path
        description: Path to store OpenShift binaries
        type: string
      - name: ocp_bin_url
        description: URL to download OpenShift binaries
        type: string
      - name: repo_fid_user
        description: Repository FID username
        type: string
      - name: repo_fid_pw
        description: Repository FID password
        type: string
      - name: ocp_cluster_tmpfs
        description: Temporary directory for OpenShift cluster
        type: string
      - name: internalLb_enabled
        description: Flag indicating if internal load balancer is enabled
        type: boolean
      - name: bootstrap
        description: Bootstrap node configuration
        type: object
      - name: masters
        description: List of master node configurations
        type: array
      - name: workers
        description: List of worker node configurations
        type: array
      - name: cluster_subnets
        description: List of cluster subnets
        type: array
      - name: ipam_client_cert
        description: IPAM client certificate
        type: string
      - name: ipam_client_key
        description: IPAM client key
        type: string
      - name: butane_image
        description: Butane image for ignition file creation
        type: string
      - name: ignition_validate_image
        description: Ignition validation image
        type: string
      - name: coreos_installer_image
        description: CoreOS installer image
        type: string
      - name: skip_hardware_check
        description: Flag to skip hardware check
        type: boolean
  steps:
    - name: execute-python-script
      image: python:3
      command:
        - "/bin/sh"
        - "-c"
      script: |
        import os
        import shutil
        import subprocess

        playbook_dir = "{{inputs.params.playbook_dir}}"
        ocp_version = "{{inputs.params.ocp_version}}"
        ocp_base_path = "{{inputs.params.ocp_base_path}}"
        ocp_bin_path = "{{inputs.params.ocp_bin_path}}"
        ocp_bin_url = "{{inputs.params.ocp_bin_url}}"
        repo_fid_user = "{{inputs.params.repo_fid_user}}"
        repo_fid_pw = "{{inputs.params.repo_fid_pw}}"
        ocp_cluster_tmpfs = "{{inputs.params.ocp_cluster_tmpfs}}"
        internalLb_enabled = "{{inputs.params.internalLb_enabled}}"
        skip_hardware_check = "{{inputs.params.skip_hardware_check}}"
        bootstrap = {{inputs.params.bootstrap | tojson}}
        masters = {{inputs.params.masters | tojson}}
        workers = {{inputs.params.workers | tojson}}
        cluster_subnets = {{inputs.params.cluster_subnets | tojson}}
        ipam_client_cert = "{{inputs.params.ipam_client_cert}}"
        ipam_client_key = "{{inputs.params.ipam_client_key}}"
        butane_image = "{{inputs.params.butane_image}}"
        ignition_validate_image = "{{inputs.params.ignition_validate_image}}"
        coreos_installer_image = "{{inputs.params.coreos_installer_image}}"

        # Build machine and subnet lists
        subprocess.run(["ansible-playbook", "-i", "tf_servers", playbook_dir + "/../vars/main.yml"])

        # Set OpenShift minor version
        ocp_minor_ver = int(ocp_version.split('.')[1])

        # Create directory for OpenShift binaries
        os.makedirs(ocp_base_path, exist_ok=True)
        os.makedirs(ocp_bin_path, exist_ok=True)

        # Place OpenShift binaries on admin
        for item in ["openshift-install", "rhcos-live.x86_64.15o"]:
            subprocess.run(["wget", ocp_bin_url + "/" + ocp_version + "/" + item, "-O", ocp_bin_path + "/" + item])
            os.chmod(ocp_bin_path + "/" + item, 0o755)

        # Create cluster directory to mount tmpfs
        os.makedirs(ocp_cluster_tmpfs, exist_ok=True)

        # Mount tmpfs for cluster directory
        subprocess.run(["mount", "-t", "tmpfs", "-o", "size=5m", ocp_cluster_name + "-tmpfs", ocp_cluster_tmpfs])

        # Create cluster directory
        os.makedirs(ocp_cluster_tmpfs + "/openshift")

        # Check hardware configuration
        hardware_healthy = True

        # Check bootstrap hardware
        subprocess.run(["ansible-playbook", "-i", "tf_servers", "baremetal/check_bmc.yaml", "bmc_ip=" + bootstrap['bmc_ip'], "node_type=bootstrap", "host_mac=" + bootstrap['host_mac']])

        # Check master hardware
        for master in masters:
            subprocess.run(["ansible-playbook", "-i", "tf_servers", "baremetal/check_bmc.yaml", "bmc_ip=" + master['bmc_ip'], "node_type=master", "name=" + master['name']])

        # Check worker hardware
        for worker in workers:
            subprocess.run(["ansible-playbook", "-i", "tf_servers", "baremetal/check_bmc.yaml", "bmc_ip=" + worker['bmc_ip'], "node_type=worker", "host_mac=" + worker['host_mac']])

        # Template out install-config file
        subprocess.run(["ansible-playbook", "-e", "repo_fid_auth=" + repo_fid_user + ":" + repo_fid_pw, "-i", "tf_servers", "-e", "ocp_version=" + ocp_version, "-e", "ocp_cluster_tmpfs=" + ocp_cluster_tmpfs, playbook_dir + "/../templates/install-config.yaml.j2"])

        # Create manifest files
        subprocess.run([ocp_bin_path + "/openshift-install", "create", "manifests", "--dir=" + ocp_cluster_tmpfs + "/openshift"])

        # Write IPAM client cert and key to tmpfs
        with open(ocp_cluster_tmpfs + "/ipam/client.crt", "w") as cert_file:
            cert_file.write(ipam_client_cert)
        with open(ocp_cluster_tmpfs + "/ipam/client.key", "w") as key_file:
            key_file.write(ipam_client_key)

        # Enable DHCP on Subnet and create Router/Switch objects
        for subnet in cluster_subnets:
            subprocess.run(["ansible-playbook", "-i", "tf_servers", "ipam/apply_dhcp_scope.yaml", "cluster_subnet=" + subnet])

        # Reserve API address and create DNS name
        subprocess.run(["ansible-playbook", "-i", "tf_servers", "ipam/reserve_static.yaml", "-e", "hostname=api." + ocp_cluster_name, "-e", "@ip_address.yml"])

        # Reserve APPS address and create DNS name
        subprocess.run(["ansible-playbook", "-i", "tf_servers", "ipam/reserve_static.yaml", "-e", "hostname=apps." + ocp_cluster_name, "-e", "@ip_address.yml"])

        # Create ignition files
        subprocess.run([ocp_bin_path + "/openshift-install", "create", "ignitionconfigs", "--dir=" + ocp_cluster_tmpfs + "/openshift"])

        # Copy live iso for each node type
        for node_type in ["bootstrap", "master", "worker"]:
            shutil.copyfile(ocp_bin_path + "/rhcos-live.x86_64.iso", ocp_cluster_tmpfs + "/openshift/" + node_type + "-rhcos-live.x86_64.iso")

        # Pull export folder back to admin node
        for node_type in ["bootstrap", "master", "worker"]:
            shutil.copyfile(ocp_cluster_tmpfs + "/openshift/" + node_type + ".ign", playbook_dir + "/files/" + node_type + ".ign")

        # Create Butane files for each node type
        for node_type in ["bootstrap", "master", "worker"]:
            with open(playbook_dir + "/../templates/ignition_butane.yaml.j2", "r") as template_file:
                template = template_file.read()
                template = template.replace("{{ node_type }}", node_type)
                with open(ocp_cluster_tmpfs + "/openshift/" + node_type + "_ignition_butane.yaml", "w") as butane_file:
                    butane_file.write(template)

        # Create ignition file based on Butane file
        for node_type in ["bootstrap", "master", "worker"]:
            subprocess.run(["podman", "run", "--rm", "-i", "--pull=always", butane_image, "--pretty", "--strict", "<", ocp_cluster_tmpfs + "/openshift/" + node_type + "_ignition_butane.yaml", ">", ocp_cluster_tmpfs + "/openshift/" + node_type + ".ign"])

        # Validate ignition file
        for node_type in ["bootstrap", "master", "worker"]:
            subprocess.run(["podman", "run", "--rm", "--pull=always", ignition_validate_image, ocp_cluster_tmpfs + "/openshift/" + node_type + ".ign"])

        # Create embedded ISO for bootstrap
        subprocess.run(["podman", "run", "--rm", "--pull=always", "--privileged", "-v", ocp_cluster_tmpfs + "/openshift:/data", "-w", "/data", coreos_installer_image, "iso", "ignition", "embed", "/data/bootstrap.ign"])

        # Create embedded ISO for each node type (master + worker)
        for node_type in ["master", "worker"]:
            subprocess.run(["podman", "run", "--rm", "--pull=always", "--privileged", "-v", ocp_cluster_tmpfs + "/openshift:/data", "-w", "/data", coreos_installer_image, "iso", "ignition", "embed", "/data/" + node_type + ".ign"])

        # Create directory for HTTP server
        os.makedirs("/var/www/html/openshift/" + ocp_cluster_name, exist_ok=True)

        # Copy ignition files to HTTP server
        for node_type in ["bootstrap", "master", "worker"]:
            shutil.copyfile(ocp_cluster_tmpfs + "/openshift/" + node_type + "-rhcos-live.x86_64.iso", "/var/www/html/openshift/" + ocp_cluster_name + "/" + node_type + "-rhcos-live.x86_64.iso")

        # Remove ISOs from openshift directory
        for node_type in ["bootstrap", "master", "worker"]:
            os.remove(ocp_cluster_tmpfs + "/openshift/" + node_type + "-rhcos-live.x86_64.iso")

        # Make files readable for HTTP server
        subprocess.run(["chmod", "755", "/var/www/html/openshift/" + ocp_cluster_name + "/" + node_type + "-rhcos-live.x86_64.iso"])

---------------------------------------

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: perform-hardware-checks
spec:
  inputs:
    params:
      - name: bmc_ip
        description: BMC IP address
        type: string
      - name: bmc_user
        description: BMC username
        type: string
      - name: bmc_pass
        description: BMC password
        type: string
      - name: host_mac
        description: Host MAC address
        type: string
  steps:
    - name: perform-hardware-checks
      image: python:3
      script: |
        import requests
        import json
        import subprocess
        import sys

        bmc_ip = sys.argv[1]
        bmc_user = sys.argv[2]
        bmc_pass = sys.argv[3]
        host_mac = sys.argv[4]

        # Login to BMC via Redfish
        url = f"https://{bmc_ip}/redfish/v1/SessionService/Sessions/"
        headers = {"Content-Type": "application/json"}
        payload = {"UserName": bmc_user, "Password": bmc_pass}
        response = requests.post(url, headers=headers, json=payload, verify=False)
        auth_token = response.headers.get("x_auth_token")

        # Get system manufacturer
        url = f"https://{bmc_ip}/redfish/v1"
        headers = {"Content-Type": "application/json", "X-Auth-Token": auth_token}
        response = requests.get(url, headers=headers, verify=False)
        vendor = response.json().get("Vendor")

        # Get Systems endpoint
        url = f"https://{bmc_ip}/redfish/v1/Systems"
        response = requests.get(url, headers=headers, verify=False)
        oem_endpoint = response.json()["Members"][0]["@odata.id"]

        # Check interface associated with MAC is up (Dell)
        if vendor == "Dell":
            nic_slot_dell_output = subprocess.run(["sshpass", "-p", bmc_pass, "ssh", "-o", "StrictHostKeyChecking=no", f"{bmc_user}@{bmc_ip}", "racadm", "nicstatistics"], capture_output=True)
            # Add your tasks to ensure the NIC link is up here
            # Set hardware unhealthy if link state is down (Dell)
            # For now, just setting a placeholder variable
            hardware_healthy = False

        # Check interface associated with MAC is up (HPE)
        if vendor == "HPE":
            nic_slot_hpe_output = subprocess.run(["sshpass", "-p", bmc_pass, "ssh", "-o", "StrictHostKeyChecking=no", f"{bmc_user}@{bmc_ip}", f"show system1/networki/Integrated NICS | grep {host_mac} | head -1"], capture_output=True)
            # Add your tasks to ensure the NIC link is up here
            # Set hardware unhealthy if link state is down (HPE)
            # For now, just setting a placeholder variable
            hardware_healthy = False

        # Check RAID Configuration (Dell)
        if vendor == "Dell":
            url = f"https://{bmc_ip}{oem_endpoint}/Storage"
            response = requests.get(url, headers=headers, verify=False)
            raid_device_count = sum(1 for item in response.json()["Members"] if "RAID" in item["@odata.id"])
            if raid_device_count == 0 or raid_device_count > 1:
                hardware_healthy = False

        print("All tasks completed successfully.")


----------------------------------

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: manage-bmc
spec:
  inputs:
    params:
      - name: bmc_ip
        description: BMC IP address
        type: string
      - name: bmc_user
        description: BMC username
        type: string
      - name: bmc_pass
        description: BMC password
        type: string
  steps:
    - name: manage-bmc
      image: python:3
      script: |
        import requests
        import json
        import sys

        bmc_ip = sys.argv[1]
        bmc_user = sys.argv[2]
        bmc_pass = sys.argv[3]

        # Log in and get the auth token
        url = f"https://{bmc_ip}/redfish/v1/SessionService/Sessions/"
        headers = {"Content-Type": "application/json"}
        payload = {"UserName": bmc_user, "Password": bmc_pass}
        response = requests.post(url, headers=headers, json=payload, verify=False)
        auth_token = response.headers.get("x_auth_token")

        # Get vendor information
        url = f"https://{bmc_ip}/redfish/v1"
        headers = {"Content-Type": "application/json", "X-Auth-Token": auth_token}
        response = requests.get(url, headers=headers, verify=False)
        vendor = response.json().get("Vendor")

        # Get Systems endpoint
        url = f"https://{bmc_ip}/redfish/v1/Systems"
        response = requests.get(url, headers=headers, verify=False)
        oem_endpoint = response.json()["Members"][0]["@odata.id"]
        reboot_endpoint = f"{oem_endpoint}/Actions/ComputerSystem.Reset"

        # Get Managers endpoint
        url = f"https://{bmc_ip}/redfish/v1/Managers"
        response = requests.get(url, headers=headers, verify=False)
        managers_endpoint = response.json()["Members"][0]["@odata.id"]

        # Set virtual media to boot on next reset
        if vendor == "HPE":
            url = f"https://{bmc_ip}{managers_endpoint}/Attributes"
            body = {
                "Attributes": {
                    "VirtualMedia.1.Attached": "AutoAttach",
                    "VirtualMedia.1.BootOnce": "Enabled",
                    "VirtualMedia.1.Enable": "Enabled",
                    "VirtualMedia.1.EncryptEnable": "Enabled",
                    "VirtualMedia.1.FloppyEmulation": "Disabled"
                }
            }
            response = requests.patch(url, headers=headers, json=body, verify=False)
            print(response.status_code)
        elif vendor == "Dell":
            url = f"https://{bmc_ip}{managers_endpoint}/Attributes"
            body = {
                "Attributes": {
                    "VirtualMedia.1.Attached": "AutoAttach",
                    "VirtualMedia.1.BootOnce": "Enabled",
                    "VirtualMedia.1.Enable": "Enabled",
                    "VirtualMedia.1.EncryptEnable": "Enabled",
                    "VirtualMedia.1.FloppyEmulation": "Disabled"
                }
            }
            response = requests.patch(url, headers=headers, json=body, verify=False)
            print(response.status_code)

        # Power On Host
        url = f"https://{bmc_ip}{reboot_endpoint}"
        body = {"ResetType": "On"}
        response = requests.post(url, headers=headers, json=body, verify=False)
        print(response.status_code)
